fix: oops didnt actually fix the comparison

2024-06-10 04:07:58 +02:00 · 2024-06-10 04:07:58 +02:00 · ec910693d9
commit ec910693d9
parent 3781d38f95
1 changed files with 18 additions and 20 deletions
--- a/upub/routes/src/activitypub/actor/following.rs
+++ b/upub/routes/src/activitypub/actor/following.rs
@ -62,30 +62,28 @@ pub async fn page<const OUTGOING: bool>(
 	let limit = page.batch.unwrap_or(20).min(50);
 	let offset = page.offset.unwrap_or(0);

-	let mut filter = Condition::all()
-		.add(if OUTGOING { Follower } else { Following }.eq(ctx.uid(&id)));
-
-	let hidden = {
-		// TODO i could avoid this query if ctx.uid(id) == Identity::Local { id }
-		match model::actor::Entity::find_by_ap_id(&ctx.uid(&id))
+	let (user, config) = model::actor::Entity::find_by_ap_id(&ctx.uid(&id))
 		.find_also_related(model::config::Entity)
 		.one(ctx.db())
 		.await?
-			.ok_or_else(ApiError::not_found)?
-		{
+		.ok_or_else(ApiError::not_found)?;
+
+	let hidden = match config {
 		// assume all remote users have private followers
 		//  this because we get to see some of their "private" followers if they follow local users,
 		//  and there is no mechanism to broadcast privacy on/off, so we could be leaking followers. to
 		//  mitigate this, just assume them all private: local users can only see themselves and remote
 		//  fetchers can only see relations from their instance (meaning likely zero because we only
 		//  store relations for which at least one end is on local instance)
-			(_, None) => true,
-			(_, Some(config)) => {
+		None => true,
+		Some(config) => {
 			if OUTGOING { !config.show_followers } else { !config.show_following }
-			},
 		}
 	};

+	let mut filter = Condition::all()
+		.add(if OUTGOING { Follower } else { Following }.eq(user.internal));
+
 	if hidden {
 		match auth {
 			Identity::Anonymous => return Err(ApiError::unauthorized()),